Your passphrase is used as master private key on any device. 12 words are easy to copy and paste, but it'd take a while to type on a mobile device. We don't want to ask you to type it every time you login to your account. Therefore, we ask you to set a 4-digit PIN which is tied to the device.
We understand that such 4-digit PIN is easy to brute-force, so we don't use your PIN to encrypt your master key directly. Instead, your PIN is sent to our server in exchange for a long token, which is used to decrypt your encrypted master key stored locally on your device. If the PIN is entered incorrectly three times, the long token on the server is erased, which renders the locally encrypted version of the master key useless. The only way to access your wallet then will be using your 12-word passphrase.